HomeAbout UsNewsNews Display

NOTICE to Cleared Industry UPDATE (March 20, 2020)

PRINT  |  E-MAIL

Due to the COVID-19 National Emergency in the United States, DCSA is suspending all Enhanced Security Vulnerability Assessments (ESVAs) and onsite activities until further notice.  Facilities scheduled to receive an ESVA will instead be contacted virtually by their Industrial Security Representative (ISR) who will conduct a Continuous Monitoring Engagement.  Detailed information on these engagements will be provided by your ISR.

The unique challenges presented by the coronavirus pandemic, including managing unprecedented security challenges will take the collective efforts of both government and industry.  Please continue to share with us your challenges and working together we will work out solutions.

Facility Clearance Inquiries (Option 3 of the DCSA Knowledge Center) will be suspended until further notice.  Status inquiries can be obtained by leaving a detailed voicemail message (on the Knowledge Center voice mail) or sending a detailed email to the Facility Clearance Branch (FCB) mailbox at dcsa.fcb@mail.mil.  Please include your Facility CAGE Code and name for all status inquiries.  All messages will be returned within one day.

DCSA will extend all Authorizations to Operate (ATOs) expiring before April 18, 2020 for an additional 90 days.  This will allow DCSA to work with Industry to ensure operations to support the warfighter and classified programs are sustained.  The following guidance from the DCSA Assessment and Authorization Process Manual (DAAPM) is also provided:

Assess and Authorize Activities (DAAPM 2.1)

Security Control Assessment (SCA) activity will continue to occur.  The onsite portion of the SCA activity will be delayed, deferred, or rescheduled.  Documenting evidence of security and validation requirements remain unchanged; only the execution of onsite activity will change temporarily.

Audit Variances (DAAPM 12)

During periods of system inactivity (e.g., hibernation) or when a facility plans to stop work for an extended period of time (e.g., holiday shutdowns), an audit variance may be authorized.  Periods of hibernation will not exceed 180 days without Regional Authorizing Official approval.  When requesting an audit variance, Industry must have a Standard Operating Procedure (SOP) in place that specifies how the system will be protected during a dormant state.  The SOP will include a process for protecting the system through the use of physical security controls (e.g., seals, locks, alarms, and GSA-approved containers), technical controls (e.g., whole disk encryption, disabled accounts, and audit logs), and immediate patching/ updates upon return to service.  The audit variance will be authorized via the security plan (i.e., added as a supporting artifact).  Industry is required to maintain a log of audit variance activities on-site.  Audit variance documentation will be assessed during the ESVA and other engagement activities (e.g., Advise & Assist visits, periodic communications, etc.).

Recognizing the unique, fast-paced circumstances, DCSA will work with our industry partners who may not have had time to completely document and submit procedures to ensure safety and security.  Your local Counterintelligence Special Agent (CISA), Information Systems Security Professional (ISSP), and Industrial Security Representative (ISR) remain your first points of contact. 


VROC issues supplemental guidance on TS/SCI eligibility upgrade requests in DISS
May 19, 2020 - The Vetting Risk Operations Center provides Industry with supplementary guidance related to the recent posting, "Operational Change to Adjudicating Tier 3 and Tier 5 Investigations" on April 30, 2020. The guidance does not intend to replace or supersede existing procedures, but rather to clarify Industry specific Defense Information System for Security (DISS) guidance related to the TS/SCI eligibility upgrade requests. Click the headline to see the guidance.

Overdue PR DQI Recall
May 18, 2020 - On May 15, 2020, a Data Quality Initiative (DQI) was done in the Joint Personnel Adjudication System (JPAS) to address subjects with Overdue Periodic Reinvestigations (PR). We have learned that while the DQI successfully identified the overdue PR population, some Facility Security Officers (FSOs) and Security Management Officers (SMOs) with an owning/servicing relationship also received the DQI message on subjects with open investigations, recently closed investigations or subjects that were enrolled into CE because of a deferred investigation. These populations (subjects without overdue PRs)received the DQI message in error. We assure that no action will be taken on these subjects as a result of the 15 May DQI. As a reminder, clearances do not expire. If you encounter any issues with your Government Customers, please refer them to the signed memorandum, dated December 7, 2016, from the Office of the Under Secretary of Defense for Intelligence reminding DoD Components that personnel security clearances do not expire. Click the headline to see the guidance.

2020 PSI Data Collection to Industry
May 8, 2020 - DCSA just completed the 2020 Personnel Security Investigation (PSI) Data Collection to Industry, and would like to thank our industry partners for their participation. In spite of many facility closures due to the COVID- 19 pandemic, over 8,000 unique CAGE codes still found a way to respond to the 2020 PSI Data Collection using National Industrial Security System. The submission rates for the 2020 PSI Data collection increased 25% over last year, with almost 2,000 additional CAGEs responding. Approximately 65% of all CAGEs were included in the 2020 PSI Data Collection up from a 52% response rate last year. Thank you again for your participation, as this survey is a key component in projecting PSI requirements for the DCSA Industry PSI program.

Industry DISS Automated Provisioning Initiative
May 4, 2020 - Beginning May 4 - May 27, 2020, the Defense Manpower Data Center (DMDC) will conduct automated provisioning of the Defense Information System for Security (DISS), Joint Verification System (JVS) accounts for the Industry Security Management Offices. This is one of the major steps in fully deploying DISS within the Department of Defense, as the Joint Personnel Adjudication System (JPAS) replacement. Eligible recipients will receive two email notifications: (1) user provisioning instructions; and (2) credentials to access the DISS JVS application. For those who wish to manually request a DISS account, please follow the PSSAR Industry instructions on the DMDC website (psa.dmdc.osd.mil/psawebdocs/docPage.jsp?p=DISS) or contact the Industry Provisioning Team at DCSA.dcsa-northern.dcsa-dvd.mbx.provisioning@mail.mil. Click title for more information.

Reminder of upcoming DQI
May 1, 2020 - Reminder: The Defense Manpower and Data Center will conduct a Data Quality Initiative (DQI) in the Joint Personnel Adjudication System (JPAS) in mid-May to address subjects with Overdue Periodic Reinvestigations. In mid-May, impacted Facility Security Officers will receive a JPAS message with specific instructions on how to remedy the subject's record. For additional information please view a list of FAQ's here. https://www.dcsa.mil/Portals/91/Documents/news/Overdue PR DQI FAQ.pdf